Home > Vulnerability Database > CVE-2022-32531

Mend.io Vulnerability Database

CVE-2022-32531

Good to know:

Date: December 15, 2022

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.

Language: Java

Severity Score

5.9

Related Resources (3)

Url: https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-32531

Url: https://www.mend.io/vulnerability-database/CVE-2022-32531

Severity Score

5.9

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Top Fix

Upgrade Version

Upgrade to version org.apache.bookkeeper:bookkeeper-common:4.15.1

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-32531

Good to know:

Date: December 15, 2022

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?